| #101 | Pay For Post with WooCommerce | 21 | 960 | 1,474 | 1k+ | | | Non-prefixed global variable |
| #102 | PPOM – Product Addons & Custom Fields for WooCommerce | 21 | 336 | 1,322 | 20k+ | | | Non-prefixed global variable |
| #103 | Wordfence Security – Firewall, Malware Scan, and Login Security | 21 | 1,592 | 2,973 | 5m+ | | | Output is not escaped |
| #104 | WP Compress – Instant Performance & Speed Optimization | 21 | 3,367 | 3,253 | 10k+ | | | Non Singular String Literal Domain |
| #105 | WP-Lister Lite for eBay | 21 | 6,697 | 5,129 | 2k+ | | | Output is not escaped |
| #106 | WP phpMyAdmin | 21 | 4,528 | 6,435 | 50k+ | | | Missing Arg Domain |
| #107 | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | 21 | 1,811 | 1,432 | 70k+ | | | Output is not escaped |
| #108 | WP Extended – The Ultimate WordPress Toolkit | 21 | 1,253 | 398 | 600 | | | Non Singular String Literal Domain |
| #109 | WPScan – WordPress Security Scanner | 21 | 527 | 265 | 8k+ | | | Text Domain Mismatch |
| #110 | 12 Step Meeting List | 22 | 156 | 593 | 900 | | | Non-prefixed global variable |
| #111 | Frontend Admin by DynamiApps | 22 | 5,922 | 3,208 | 10k+ | | | Text Domain Mismatch |
| #112 | WP Sessions Time Monitoring Full Automatic | 22 | 869 | 1,529 | 500 | | | Non-prefixed global variable |
| #113 | Advanced Classifieds & Directory Pro | 22 | 1,229 | 3,511 | 2k+ | | | Non-prefixed global variable |
| #114 | Advanced Form Integration — Connect Forms to 200+ Apps | 22 | 5,771 | 4,678 | 10k+ | | | wp function not compatible with requires wp |
| #115 | Ajax Load More – Infinite Scroll, Load More, & Lazy Load | 22 | 641 | 595 | 40k+ | | | Unsafe printing function |
| #116 | All-in-One Video Gallery | 22 | 911 | 2,892 | 20k+ | | | Non-prefixed global variable |
| #117 | Booking for Appointments and Events Calendar – Amelia | 22 | 1,489 | 480 | 90k+ | | | Exception output is not escaped |
| #118 | Shortcodes and extra features for Phlox theme | 22 | 413 | 426 | 90k+ | | | Output is not escaped |
| #119 | Backup Bolt | 22 | 580 | 1,313 | 800 | | | Non-prefixed global variable |
| #120 | Knowledge Base documentation & wiki plugin – BasePress Docs | 22 | 671 | 1,767 | 2k+ | | | Non-prefixed global variable |
| #121 | Better Messages – Chat Rooms, Group Chat, Private Messages & AI Chat Bots | 22 | 1,607 | 2,022 | 10k+ | | | Direct Query |
| #122 | Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD | 22 | 669 | 769 | 1k+ | | | Output is not escaped |
| #123 | Cleanup Action Scheduler | 22 | 545 | 1,306 | 1k+ | | | Non-prefixed global variable |
| #124 | Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer | 22 | 2,858 | 1,270 | 50k+ | | | Text Domain Mismatch |
| #125 | Accept PayPal Payments using Contact Form 7 | 22 | 359 | 127 | 600 | | | Text Domain Mismatch |
| #126 | Passster – Password Protect Pages and Content | 22 | 539 | 1,419 | 10k+ | | | Non-prefixed global variable |
| #127 | Cozy Blocks – Page Builder for Gutenberg Editor & FSE with 500+ Patterns, 57 Blocks & Templates | 22 | 2,167 | 4,175 | 7k+ | | | Non-prefixed global variable |
| #128 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | 22 | 3,654 | 5,061 | 8k+ | | | Non-prefixed global variable |
| #129 | WP Customer Area | 22 | 3,308 | 941 | 10k+ | | | Text Domain Mismatch |
| #130 | Directorist: AI-Powered Business Directory, Listings & Classified Ads | 22 | 548 | 2,172 | 20k+ | | | Non-prefixed global variable |
| #131 | DirectoryPress – Business Directory And Classified Ad Listing | 22 | 4,787 | 2,795 | 800 | | | Text Domain Mismatch |
| #132 | Download Manager | 22 | 2,282 | 1,352 | 100k+ | | | Output is not escaped |
| #133 | Diverse Solutions IDX Real Estate Listings & MLS Search | 22 | 745 | 605 | 1k+ | | | Heredoc Output Not Escaped |
| #134 | Dynamic QR Code – generator | 22 | 238 | 208 | 6k+ | | | Missing direct file access protection |
| #135 | E2Pdf – Export Pdf Tool for WordPress | 22 | 1,075 | 836 | 10k+ | | | Unsafe printing function |
| #136 | easyReservations | 22 | 5,307 | 2,480 | 800 | | | Text Domain Mismatch |
| #137 | EleSpare – News, Magazine and Blog Addons for Elementor | 22 | 733 | 1,423 | 10k+ | | | Non-prefixed global variable |
| #138 | Employee Spotlight – Team Member Showcase & Meet the Team Plugin | 22 | 247 | 689 | 400 | | | Non-prefixed hook name |
| #139 | Estatik Real Estate Plugin | 22 | 3,049 | 325 | 10k+ | | | Text Domain Mismatch |
| #140 | Events Maker by dFactory | 22 | 588 | 819 | 1k+ | | | Output is not escaped |
| #141 | Events Manager – Calendar, Bookings, Tickets, and more! | 22 | 4,711 | 5,660 | 70k+ | | | Output is not escaped |
| #142 | Falang multilanguage for WordPress | 22 | 716 | 769 | 1k+ | | | Output is not escaped |
| #143 | Finale Lite – Sales Countdown Timer & Discount for WooCommerce | 22 | 1,031 | 451 | 4k+ | | | Output is not escaped |
| #144 | FireBox Popups – Increase Sales and Grow Your Email List | 22 | 153 | 812 | 7k+ | | | Non-prefixed global variable |
| #145 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | 22 | 409 | 236 | 700k+ | | | Text Domain Mismatch |
| #146 | Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar | 22 | 1,321 | 1,371 | 3k+ | | | Non-prefixed global variable |
| #147 | FunnelKit Payment Gateway for Stripe WooCommerce | 22 | 244 | 321 | 20k+ | | | Input is not sanitized |
| #148 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | 22 | 4,466 | 3,972 | 10k+ | | | Output is not escaped |
| #149 | Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms | 22 | 1,037 | 722 | 20k+ | | | Unsafe printing function |
| #150 | Heureka | 22 | 557 | 254 | 400 | | | Exception output is not escaped |